diff --git a/kernel/linux/include/linux/string.h b/kernel/linux/include/linux/string.h
index bec5fcd2..1404d35f 100644
--- a/kernel/linux/include/linux/string.h
+++ b/kernel/linux/include/linux/string.h
@@ -66,8 +66,8 @@ extern void *kfunc_def(memchr_inv)(const void *start, int c, size_t bytes);
 extern char *kfunc_def(strreplace)(char *s, char old, char new);
 extern void kfunc_def(fortify_panic)(const char *name);
-extern int __must_check kfunc_def(kstrtoull)(const char *s, unsigned int base, unsigned long long *res);
-extern int __must_check kfunc_def(kstrtoll)(const char *s, unsigned int base, long long *res);
+extern int kfunc_def(kstrtoull)(const char *s, unsigned int base, unsigned long long *res);
+extern int kfunc_def(kstrtoll)(const char *s, unsigned int base, long long *res);
 static inline void kfree_const(const void *x)
 {
diff --git a/kernel/patch/common/sucompat.c b/kernel/patch/common/sucompat.c
index 06161c23..1e31b60d 100644
--- a/kernel/patch/common/sucompat.c
+++ b/kernel/patch/common/sucompat.c
@@ -93,7 +93,7 @@ int is_su_allow_uid(uid_t uid)
 }
 KP_EXPORT_SYMBOL(is_su_allow_uid);
-int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext, int async)
+int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext, struct su_profile_ext *ext, int async)
 {
 if (!scontext) scontext = "";
@@ -113,6 +113,7 @@ int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext, int async)
 new->profile.to_uid = to_uid;
 strncpy(new->profile.scontext, scontext, sizeof(new->profile.scontext));
 new->profile.scontext[sizeof(new->profile.scontext) - 1] = '\0';
+ new->profile.ext = *ext;
 spin_lock(&list_lock);
 if (old) { // update
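Review bot: Dropping `__must_check` from `kstrtoull` and `kstrtoll` in kernel/linux/include/linux/string.h lets every caller ignore a failed parse without a compiler warning, and the grant path in supercmd.c visible in this commit does exactly that: `if (carr[3]) kstrtoull(carr[3], 10, &to_uid);`. When the conversion fails, `to_uid` is expected to keep whatever value it had before the call, and that value then decides which uid the grant maps to. I would keep the annotation and check the result at the call site, e.g. `if (carr[3] && kstrtoull(carr[3], 10, &to_uid)) { cmd_res->rc = -EINVAL; return; }`. The initial value of `to_uid` is outside the visible hunks, so confirm the fallback before relying on it.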
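Review bot: `new->profile.ext = *ext;` in the `@@ -113` hunk of sucompat.c dereferences `ext` unconditionally, while the same function tolerates a NULL `scontext` in the `@@ -93` hunk (`if (!scontext) scontext = "";`). A caller that passes NULL for the new argument would fault in kernel context, so the new parameter should get the same treatment: `if (ext) new->profile.ext = *ext; else memset(&new->profile.ext, 0, sizeof(new->profile.ext));`. The function only reads through the pointer, so the parameter can be `const struct su_profile_ext *ext` here and in the accctl.h prototype. The function body runs past both hunks, so whether `new` is zero-initialised at allocation is not visible.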
@@ -485,9 +486,13 @@ int su_compat_init()
 INIT_LIST_HEAD(&allow_uid_list);
 spin_lock_init(&list_lock);
+#ifdef ANDROID
 // default shell
- su_add_allow_uid(2000, 0, all_allow_sctx, 1);
- su_add_allow_uid(0, 0, all_allow_sctx, 1);
+ if (!all_allow_sctx[0]) strcpy(all_allow_sctx, ALL_ALLOW_SCONTEXT_MAGISK);
+ struct su_profile_ext ext = { .exclude = 0 };
+ su_add_allow_uid(2000, 0, all_allow_sctx, &ext, 1);
+ su_add_allow_uid(0, 0, all_allow_sctx, &ext, 1);
+#endif
 hook_err_t rc = HOOK_NO_ERR;
diff --git a/kernel/patch/common/supercall.c b/kernel/patch/common/supercall.c
index 72c1516d..05311e8f 100644
--- a/kernel/patch/common/supercall.c
+++ b/kernel/patch/common/supercall.c
@@ -179,7 +179,7 @@ static long call_grant_uid(struct su_profile *__user uprofile)
 {
 struct su_profile *profile = memdup_user(uprofile, sizeof(struct su_profile));
 if (!profile || IS_ERR(profile)) return PTR_ERR(profile);
- int rc = su_add_allow_uid(profile->uid, profile->to_uid, profile->scontext, 1);
+ int rc = su_add_allow_uid(profile->uid, profile->to_uid, profile->scontext, &profile->ext, 1);
 kvfree(profile);
 return rc;
 }
diff --git a/kernel/patch/common/supercmd.c b/kernel/patch/common/supercmd.c
index 4ed5fc55..7a2aea1b 100644
--- a/kernel/patch/common/supercmd.c
+++ b/kernel/patch/common/supercmd.c
@@ -58,7 +58,7 @@ static const char supercmd_help[] =
 ""
 "KernelPatch supercmd:\n"
 "Usage: truncate [-uZc] [Command [[SubCommand]...]]\n"
- "superkey|su: Authentication. For certain commands, if the current uid is allowed to use su,\n"
+ "superkey|su: Authentication for certain commands, if the current uid is allowed to use su,\n"
 " the 'su' string can be used for authentication.\n"
 "Options:\n"
 " -u Change user id to UID.\n"
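Review bot: `strcpy(all_allow_sctx, ALL_ALLOW_SCONTEXT_MAGISK);` in the `su_compat_init` hunk of sucompat.c writes into a global whose size is not visible here and carries no bound of its own. The source is a compile-time constant, so this is safe only while the macro stays shorter than the buffer; the bounded pattern `su_add_allow_uid` already uses for `scontext` (`strncpy` with `sizeof(...)`, then an explicit `'\0'` in the last byte) would keep that true if either side changes. The two `su_add_allow_uid` calls also discard their return value, so a failed default grant at init goes unreported; logging a non-zero result would make it visible.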
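Review bot: In `call_grant_uid` (supercall.c), `&profile->ext` goes into the allow list straight from the `memdup_user` copy, so the `exclude` byte and the 32 reserved bytes in `_` are stored exactly as user space supplied them. Rejecting non-zero reserved bytes now keeps them usable for later fields, e.g. `if (memchr_inv(profile->ext._, 0, sizeof(profile->ext._))) { kvfree(profile); return -EINVAL; }`, and the `exclude` byte should be confirmed to be 0 or 1 before it is read as a `bool`. `sizeof(struct su_profile)` also grows with this commit, so a caller built against the old layout hands over a shorter buffer than the kernel now copies.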
@@ -75,14 +75,14 @@ static const char supercmd_help[] =
 " whose full PATH is '/system/bin/kp'. This can avoid conflicts with the existing 'su' command.\n"
 " If you wish to modify this PATH, you can use the 'reset' command.\n"
 " SubCommand:\n"
- " grant [TO_UID] [SCONTEXT] Grant su permission to UID.\n"
- " revoke Revoke su permission to UID.\n"
- " num Get the number of uids with the aforementioned permissions.\n"
- " list List all su allowed uids.\n"
- " profile Get the profile of the uid configuration.\n"
- " path [PATH] Get or Reset current su path. The length of PATH must 2-127.\n"
- " sctx [SCONTEXT] Get or Reset current all allowed security context, \n"
- " event Report EVENT.\n"
+ " grant [TO_UID [SCONTEXT [EXCLUDE]]] Grant su permission to UID. EXCLUDE is 'true' or 'false'.\n"
+ " revoke Revoke su permission to UID.\n"
+ " num Get the number of uids with the aforementioned permissions.\n"
+ " list List all su allowed uids.\n"
+ " profile Get the profile of the uid configuration.\n"
+ " path [PATH] Get or Reset current su path. The length of PATH must 2-127.\n"
+ " sctx [SCONTEXT] Get or Reset current all allowed security context, \n"
+ " event Report EVENT.\n"
 "\n"
 "The command below requires superkey authentication.\n"
 " module [...]: KernelPatch Module manager\n"
@@ -121,7 +121,9 @@ static void handle_cmd_sumgr(char **__user u_filename_p, const char **carr, char
 }
 if (carr[3]) kstrtoull(carr[3], 10, &to_uid);
 if (carr[4]) scontext = carr[4];
- su_add_allow_uid(uid, to_uid, scontext, 1);
+ struct su_profile_ext ext = { .exclude = false };
+ if (carr[5] && !strcmp(carr[5], "true")) ext.exclude = true;
+ su_add_allow_uid(uid, to_uid, scontext, &ext, 1);
 sprintf(buffer, "grant %d, %d, %s", uid, to_uid, scontext);
 cmd_res->msg = buffer;
 } else if (!strcmp(sub_cmd, "revoke")) {
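Review bot: In the grant branch of `handle_cmd_sumgr` (supercmd.c, `@@ -121` hunk), any EXCLUDE argument other than the exact string "true" is silently treated as false, so a typo such as different capitalisation changes the stored profile without any feedback. Since this command grants su, I would reject unknown values: `else if (carr[5] && strcmp(carr[5], "false")) { cmd_res->rc = -EINVAL; return; }`. The result of `su_add_allow_uid` is still dropped, so the "grant ..." message is produced even when the add fails; assuming it returns 0 on success, as the `rc` handling in `call_grant_uid` suggests, `cmd_res->rc = su_add_allow_uid(uid, to_uid, scontext, &ext, 1);` followed by `if (cmd_res->rc) return;` would match the profile branch. The function starts and ends outside this hunk.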
@@ -160,7 +162,8 @@ static void handle_cmd_sumgr(char **__user u_filename_p, const char **carr, char
 cmd_res->rc = su_allow_uid_profile(0, uid, &profile);
 if (cmd_res->rc) return;
- sprintf(buffer, "uid: %d, to_uid: %d, scontext: %s", profile.uid, profile.to_uid, profile.scontext);
+ sprintf(buffer, "uid: %d, to_uid: %d, scontext: %s, exclude: %d", profile.uid, profile.to_uid, profile.scontext,
+ profile.ext.exclude);
 cmd_res->msg = buffer;
 } else if (!strcmp(sub_cmd, "path")) {
diff --git a/kernel/patch/common/syscall.c b/kernel/patch/common/syscall.c
index 4bb9b0c0..17c64d6e 100644
--- a/kernel/patch/common/syscall.c
+++ b/kernel/patch/common/syscall.c
@@ -357,11 +357,11 @@ void syscall_init()
 *addr = link2runtime(*addr);
 }
- // sys_call_table = (typeof(sys_call_table))kallsyms_lookup_name("sys_call_table");
- // log_boot("sys_call_table addr: %llx\n", sys_call_table);
+ sys_call_table = (typeof(sys_call_table))kallsyms_lookup_name("sys_call_table");
+ log_boot("sys_call_table addr: %llx\n", sys_call_table);
- // compat_sys_call_table = (typeof(compat_sys_call_table))kallsyms_lookup_name("compat_sys_call_table");
- // log_boot("compat_sys_call_table addr: %llx\n", compat_sys_call_table);
+ compat_sys_call_table = (typeof(compat_sys_call_table))kallsyms_lookup_name("compat_sys_call_table");
+ log_boot("compat_sys_call_table addr: %llx\n", compat_sys_call_table);
 has_config_compat = 0;
 has_syscall_wrapper = 0;
diff --git a/kernel/patch/include/accctl.h b/kernel/patch/include/accctl.h
index 771a133b..ebc87b57 100644
--- a/kernel/patch/include/accctl.h
+++ b/kernel/patch/include/accctl.h
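Review bot: The profile branch of `handle_cmd_sumgr` (supercmd.c, `@@ -160` hunk) lengthens an unbounded `sprintf` into `buffer`, whose size is not visible in the hunk; `scontext` alone can take up to `SUPERCALL_SCONTEXT_LEN` bytes. If the buffer's length is available in this function, `snprintf` with that length would bound the write. `profile.uid` and `profile.to_uid` are `uid_t`, so `%u` would print large uids correctly where `%d` shows them as negative.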
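Review bot: The re-enabled `log_boot` calls in `syscall_init` (syscall.c) write the runtime addresses of `sys_call_table` and `compat_sys_call_table` to the boot log, which discloses kernel layout to anything that can read that log. Consider dropping the value or logging only whether the lookup succeeded. The `kallsyms_lookup_name` results are also stored without a check; on a kernel that lacks the `compat_sys_call_table` symbol the pointer would stay zero, so later users need an explicit `if (!compat_sys_call_table)` guard (whether one exists is outside this hunk). `%llx` is given a value cast to `typeof(sys_call_table)`; if that is a pointer type, the argument should be cast to `unsigned long long` so format and argument agree.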
@@ -24,7 +24,7 @@ int commit_common_su(uid_t to_uid, const char *sctx);
 int commit_su(uid_t uid, const char *sctx);
 int task_su(pid_t pid, uid_t to_uid, const char *sctx);
-int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext, int async);
+int su_add_allow_uid(uid_t uid, uid_t to_uid, const char *scontext, struct su_profile_ext *ext, int async);
 int su_remove_allow_uid(uid_t uid, int async);
 int su_allow_uid_nums();
 int su_allow_uids(int is_user, uid_t *out_uids, int out_num);
diff --git a/kernel/patch/include/uapi/scdefs.h b/kernel/patch/include/uapi/scdefs.h
index b1392ad4..42234bb8 100644
--- a/kernel/patch/include/uapi/scdefs.h
+++ b/kernel/patch/include/uapi/scdefs.h
@@ -55,11 +55,21 @@ static inline long hash_key(const char *key)
 #define SUPERCALL_KEY_MAX_LEN 0x40
 #define SUPERCALL_SCONTEXT_LEN 0x60
+struct su_profile_ext
+{
+ union
+ {
+ bool exclude;
+ };
+ char _[32];
+};
+
 struct su_profile
 {
 uid_t uid;
 uid_t to_uid;
 char scontext[SUPERCALL_SCONTEXT_LEN];
+ struct su_profile_ext ext;
 };
 #ifdef ANDROID
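Review bot: In `struct su_profile_ext` (scdefs.h) the reserved array `char _[32]` sits after the anonymous union rather than inside it, so it does not hold the struct's size fixed: a wider member added to the union later would change both the size and the offset of `_`. If the intent is a fixed-size extension area, placing the padding in the union achieves that: `union { bool exclude; char _[32]; };`. `bool` in a uapi header also relies on the user-space build providing it with the same one-byte representation; an explicit one-byte unsigned field is the safer choice for a structure shared across that boundary. Embedding `ext` in `struct su_profile` changes its size, which supercall clients compiled against the old header will not match.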